Government Issues New Regulation on Children Protection in Electronic Systems

April 11, 2025

On March 28, 2025, President Prabowo Subianto announced the enactment of Government Regulation on Governance of Children Protection in Implementation of Electronic Systems (the “Regulation”). Unfortunately, as of the date of this Newsflash, the Regulation is not publicly available. We prepared this Newsflash based on the latest official draft of the Regulation (the “Draft GR”) that may be accessed through the website of the Ministry of Communication and Digital (the “MOCD”) as follows: Draft GR.

Based on the Draft GR, the Regulation is issued to fulfill the requirements of Articles 16A(5) and 16B(3) of Law No. 11 of 2008 on Electronic Information and Transactions as amended by Law No. 19 of 2016 as amended by Law No. 1 of 2024 dated January 2, 2024 on the Second Amendment to Law No. 11 of 2008 (collectively, the “EIT Law”). Articles 16A and 16B of the EIT Law essentially stipulate that an Electronic System Organizer (an “ESO”) must provide protection for children who use or access the electronic system. Any failure to do so may result in the ESO to be subject to administrative sanctions.

Please see below the key provisions of the Draft GR.

♦ Children Age Limit

Article 1 Number 1 of the Draft GR defines a Child as someone who is under 18 (eighteen) years old. Despite various laws and regulations that set different age limits for children, the Draft GR explicitly categorizes those who are under 18 (eighteen) years old as children.

♦ Applicability to ESOs

Similar to the provisions of the EIT Law as mentioned above, Article 2(1) of the Draft GR stipulates that ESOs must provide protection for children who use or access the electronic system. In this regard, Article 2(3) of the Draft GR specifies that the ESOs that are subject to the foregoing requirements are ESOs that develop and/or provide online products, services, or features specifically intended to be used or accessed, or that may be used or accessed by children (collectively, the “Product”), whether monetized or not.

In determining the Product that may be used or accessed by children, Article 2(5) of the Draft GR provides the following indicators:

the terms, conditions, rules, or policies published or drafted in an internal document of the ESOs indicate that Product is intended to be used or accessed by children;
there is strong evidence that the composition of users who regularly access Product consists of children;
advertisements related to the Product are aimed at children;
the design elements of the Product are created or displayed in such a way that they are appealing to children; or
the Product is substantially similar to or the same as the other Product which composition of users who regularly access it are children.

Notwithstanding the above, Article 2(7) of the Draft GR stipulates that criteria of the ESOs that will be subject to the requirement to provide children protection as mentioned above will be further regulated by the regulation of the MOCD.

♦ Obligations of ESOs

The Draft GR governs certain obligations the ESOs, among others:

consider the best interests of the children in developing and/or operating the Product;
prioritize the fulfillment of the children’s rights and the protection of the children over the commercial interests of the ESOs;
provide information regarding the minimum age limit for children who may use the Product;
ensure that the Product it develops and/or operates is appropriate for the age of the children who use or access, or who may use or access the Product, while also considering the needs of children that are adjusted to their stages of growth and age range, including children with special needs;
provide function options that are appropriate to the capacity and age of children who may access the Product; and
provide tools, services, or features needed by the children that may be easily accessed by the children or by their parents or guardians, to help exercise their rights or to submit reports or complaints regarding issues experienced by the children in relation to the Product.

♦ Personal Data Protection Provisions

In reference to Law No. 27 of 2022 dated October 17, 2022 on Personal Data Protection, the Draft GR also stipulates certain provisions in relation to the personal data protection of the children. This includes the obligation of the ESOs to prepare a Personal Data Protection Impact Assessment for each Product that is accessed or may be accessed by children before such Product is used by the children, at the latest 3 (three) months before the Product may be accessed by the children. The assessment shall also be reviewed and updated at least every 2 (two) years, or whenever the Product is materially updated or modified.

The Draft GR also provides certain other obligations related to personal data protection and data privacy, including:

protect the privacy and personal data of the children who use or access the Product in accordance with the applicable laws and regulations;
secure the electronic system and prevent unauthorized disclosure or breaches of security of the personal data;
process the data collected solely for the purpose of data verification or for providing the age assurance and not for any other purposes, with such data being deleted once the age determination has been fulfilled;
configure all settings of the Product that are specifically used or accessed by children, or that may be used or accessed by children, to a high level of privacy; and
appoint an officer or staff to carry out the function of protecting the personal data of children as referred to in the applicable laws and regulations (i.e., a data protection officer).

♦ Sanctions

Violations of certain provisions of the Draft GR may subject the ESOs to administrative sanctions in the form of (i) written warnings, (ii) administrative fines, (iii) temporary suspension, and/or (iv) termination of access. The foregoing administrative sanction is imposed by the MOCD in accordance with the type of violation and the impact of the violation on the children but does not eliminate criminal and/or civil liability.

♦ Transitional Period

Article 41 of the Draft GR stipulates that the ESOs and other parties related to the provision of the Product must comply with the child protection governance provisions based on the Regulation no later than 2 (two) years from the date of promulgation of the Regulation.

Notwithstanding the provisions of the Draft GR, we note that Article 40 of the Draft GR provides that further provisions regarding child protection governance in the provision of the Product will be regulated by the regulation of the MOCD. We will continue to monitor the situation closely and provide timely updates and guidance as new information becomes available.

AKSET

Please contact Johannes C. Sahetapy-Engel (jsahetapyengel@aksetlaw.com) or M. Fatih Satria Kasmaliputra (mkasmaliputra@aksetlaw.com) for further information.

Disclaimer:

The foregoing material is the property of AKSET and may not be used by any other party without prior written consent. The information herein is of general nature and should not be treated as legal advice, nor shall it be relied upon by any party for any circumstance. Specific legal advice should be sought by interested parties to address their particular circumstances.

Any links contained in this document are for informational purposes and are available and relevant at time this publication is made. We provide no liability whatsoever in respect of any information or content in such links.